Well, this is just a charming development. According to The Verge, there’s an exploit making the rounds that’s practically an idiot-proof way for anyone who’s got your email and birthdate to hack your iCloud account.
Basically, your mom could pull this off, if she’s the nosy type.
The Verge reports:
We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page.
The site didn’t link to the tutorial, but staffers tested it and it worked.
The good news is, Apple just introduced two-step verification. The bad news is, some people are apparently being told that it could take three whole days to set it up. That means their best option for protecting their accounts is to just change their date of birth.